> Then there's something different what Dovecot and ldapsearch does. They > have the same dn, dnpass, neither uses tls, same base, deref, scope? >I figured it out, there certainly is something different! The AuthDatabase/LDAP documentation on the Dovecot Wiki says "When connecting to AD, use port 3268". Port 3268 is used for Global Catalog searching. By default the Active Directory Global Catalog wouldn't include attributes like otherMailbox, but would include mail and sn. The solution here would be to either use port 389 and search the domain like ldapsearch or to add the otherMailbox attribute (or any others I want to search on) to the global catalog. It might be worth updating the wiki to mention the reasoning behind using port 3268 and the implications it can cause. Thanks for the help!
Timo Sirainen
2009-Oct-16 19:34 UTC
[Dovecot] Dovecot deliver with AD LDAP userdb [SOLVED]
On Fri, 2009-10-16 at 15:28 -0400, Mark Schaub wrote:> It might be worth updating the wiki to mention the reasoning behind > using port 3268 and the implications it can cause.Well, does the port 389 work then? It's mentioned there only because someone complained that 389 didn't work.. Perhaps because it required TLS? Or something, I don't know. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20091016/57fdadce/attachment-0002.bin>
> Well, does the port 389 work then? It's mentioned there only because > someone complained that 389 didn't work.. Perhaps because it required > TLS? Or something, I don't know.I will have to play with it some. Just switching to port 389 really slowed everything down and may have caused some other problems, but that could also be due to my configuration. It may be possible to use the GC port for the pass_filter queries and 389 on the user_filter queries. The more I think about it the more it makes sense in this case to add the otherMailbox field to the global catalog and index it, as this will be a very common ldap search.
Apparently Analagous Threads
- Dovecot deliver with AD LDAP userdb
- My dovecot works fine against Active Directory 2003, but not against AD2008
- My dovecot works fine against Active Directory 2003, but not against AD2008
- Multiple email addresses for user accounts
- Dovecot+Samba AD - authentication failure